Free Republic
Browse · Search
General/Chat
Topics · Post Article


IE, Chrome, Safari duped by bogus PayPal SSL cert
The Register ^ | 5 October 2009 | Dan Goodin

Posted on 10/08/2009 1:10:51 PM PDT by ShadowAce

If you use the Internet Explorer, Google Chrome or Apple Safari browsers to conduct PayPal transactions, now would be a good time to switch over to the decidedly more secure Firefox alternative.

That's because a hacker on Monday published a counterfeit secure sockets layer certificate that exploits a gaping hole in a Microsoft library used by all three of those browsers. Although the certificate is fraudulent, it appears to all three to be a completely legitimate credential vouching for the online payment service. The bug was disclosed more than nine weeks ago, but Microsoft has yet to fix it.

Monday's release of the so-called null-prefix certificate for PayPal is a serious blow to online security because it makes it trivial for cybercrooks to defeat one of the web's oldest and most relied upon defenses against man-in-the-middle attacks. PayPal and thousands of other financial websites use the certificates to generate a digital signature that mathematically proves login pages aren't forgeries that were set up by con artists who are sitting in between the user and the website he's trying to view.

The certificate exploits a security hole in a Microsoft application programming interface known as the CryptoAPI, which is used by the IE, Google Chrome and Apple Safari for Windows browsers to parse a website's SSL certificates. Even though the certificate is demonstrably forged, it can be used with a previously available hacking tool called SSLSniff to cause all three browsers to display a spoofed page with no warnings, even when its address begins with "https."

"Use this with SSLSniff and it's game over," Moxie Marlinspike, a hacker who demonstrated the SSL weakness at the Black Hat security conference in Las Vegas, Nevada, said of the bogus PayPal cert. "It's true that posting this doesn't exactly seem prudent and is personally frustrating for me. Technically, though, it might be more fair to say that Windows users are at risk because of a vulnerability that remains unpatched by Microsoft."

A PayPal spokeswoman said the company's information security team is aware of the fraudulent certificate. "We're working to see if there are any technical workarounds on the PayPal side which can be put into place," she said.

The certificate is the latest to target a weakness that causes browsers, email clients, and other SSL-enabled apps to ignore all text following the \ and 0 characters, which are used to denote the end of a string of characters in C-based languages. Attackers can exploit that weakness by registering a normal SSL certificate for a site under their control and then inserting the domain name and the null character immediately following the name of the site they want to impersonate.

The name on the certificate looked something like the following:

www.paypal.com\0ssl.secureconnection.cc

While the vulnerability was disclosed in July, Microsoft has yet to acknowledge or fix it in the crypto library, which is used by a wide variety of applications. A spokesman for the software giant said last week that members of its security team are "investigating a possible vulnerability in Windows presented during Black Hat" and "will take appropriate actions to protect customers" once it's completed.

The take-away from all of this is that if you use IE, Chrome or Safari for Windows to browse SSL-protected parts of PayPal, there's no way to know if they are genuine - at least until Microsoft gets around to fixing the bug. And because it's entirely possible null-prefix certificates for other sites have been issued more quietly, there's no way to rely on SSL at all for those browsers.

The obvious answer now is for the certificate authority that issued the fraudulent credential to revoke it. But even then, there's no way to guarantee the rogue certificate is taken out of circulation because of vulnerabilities in the Online Certificate Status Protocol, which Marlinspike also discussed at Black Hat.

Fortunately, Mozilla developers patched the hole a few days after Marlinspike's demo and Apple followed suit a few weeks later with Safari for OS X. That means if you're on Windows, the only way to protect yourself against this critical vulnerability is to use versions 3.5 or 3.0.13 or later of Firefox. At least until Microsoft fixes the CryptoAPI, whenever that may be. ®


TOPICS: Computers/Internet
KEYWORDS: ie; microsoft

1 posted on 10/08/2009 1:10:52 PM PDT by ShadowAce
[ Post Reply | Private Reply | View Replies]
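The article's explanation of the null-prefix trick boils down to one mistake in name comparison: the CommonName in a certificate is a length-prefixed DER string, so it may legally carry any byte, but a verifier that hands it to a C string function compares only up to the first NUL byte. The C below is an added example, not code from The Register or from Microsoft's CryptoAPI; the function names, the hardened check, and the sample names are constructed for illustration. It places the unsafe strcmp-style comparison beside a length-aware check that rejects embedded NUL bytes outright, and runs both against the forged name quoted in the article and against a genuine one.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (hypothetical, for contrast): the DER string is treated as a
 * C string, so the declared length is ignored and comparison stops at the
 * first NUL. "www.paypal.com\0ssl.secureconnection.cc" therefore compares
 * equal to "www.paypal.com". This is the defect the article describes. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *expected)
{
    (void)cn_len; /* the DER length is never consulted: that is the bug */
    return strcmp((const char *)cn, expected) == 0;
}

/* Hardened check (hypothetical): a hostname can never contain a NUL byte, so
 * any embedded 0x00 marks the name as malformed and it is rejected before any
 * comparison. The remaining compare uses the full DER length, so trailing
 * bytes cannot be dropped silently. */
int cn_matches_safe(const unsigned char *cn, size_t cn_len, const char *expected)
{
    size_t i;
    for (i = 0; i < cn_len; i++) {
        if (cn[i] == 0) {
            return 0; /* embedded NUL: refuse to match */
        }
    }
    if (cn_len != strlen(expected)) {
        return 0; /* length mismatch: cannot be the same name */
    }
    return memcmp(cn, expected, cn_len) == 0;
}

/* Constructed samples. forged_cn is the name quoted in the article as it would
 * sit in the DER-encoded CN: 38 bytes with a NUL in the middle (the trailing
 * C string terminator is excluded from the length). */
const unsigned char forged_cn[] = "www.paypal.com\0ssl.secureconnection.cc";
const size_t forged_cn_len = sizeof(forged_cn) - 1;

const unsigned char genuine_cn[] = "www.paypal.com";
const size_t genuine_cn_len = sizeof(genuine_cn) - 1;

int main(void)
{
    const char *typed = "www.paypal.com"; /* what the user entered */

    printf("forged CN, naive compare : %s\n",
           cn_matches_naive(forged_cn, forged_cn_len, typed) ? "MATCH (wrong)" : "no match");
    printf("forged CN, safe compare  : %s\n",
           cn_matches_safe(forged_cn, forged_cn_len, typed) ? "MATCH" : "no match (correct)");
    printf("genuine CN, safe compare : %s\n",
           cn_matches_safe(genuine_cn, genuine_cn_len, typed) ? "MATCH (correct)" : "no match");
    return 0;
}
```

The same rule applies to every name field a client inspects (subjectAltName dNSName entries as well as the CN): treat the value as length-delimited bytes, reject any NUL, and only then compare. That is the shape of the fix Mozilla shipped for Firefox and the one the article says Microsoft still owes CryptoAPI users.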

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

2 posted on 10/08/2009 1:11:21 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Thanks for the heads up! Love your ping list.


3 posted on 10/08/2009 1:15:56 PM PDT by Freedom2specul8 (I am Jim Thompson............................Please pray for our troops....)
[ Post Reply | Private Reply | To 2 | View Replies]

To: ShadowAce

Does this affect transactions conducted directly through Paypal’s site?


4 posted on 10/08/2009 1:22:17 PM PDT by a fool in paradise (There is no truth in the Pravda Media.)
[ Post Reply | Private Reply | To 1 | View Replies]

“...mathematically proves login pages aren’t forgeries that were set up by con artists who are sitting in between the user and the website he’s trying to view.”


5 posted on 10/08/2009 1:22:51 PM PDT by a fool in paradise (There is no truth in the Pravda Media.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: a fool in paradise

Yes. It affects all web pages in the secure portion of the site.


6 posted on 10/08/2009 1:25:00 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 4 | View Replies]

To: a fool in paradise

If you are the one putting in the “www.paypal.com” into your browser, you’re fine.

This affects the “pay with PayPal” buttons on a merchant’s website that can steer you to a phony PayPal screen that fools your browser into thinking it’s legit.


7 posted on 10/08/2009 1:39:20 PM PDT by Yo-Yo (Joe Wilson speaks for me.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: ShadowAce

Any idea if Opera is affected?


8 posted on 10/08/2009 1:54:20 PM PDT by Rammer
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Thank goodness I use Firefox now.


9 posted on 10/08/2009 1:58:07 PM PDT by pctech
[ Post Reply | Private Reply | To 1 | View Replies]

To: Yo-Yo

Wrong. You’re thinking of a much more primitive type of attack. This is way more sophisticated.

If I’m on your LAN (or simply have a rooted box on your LAN), I can hijack your DNS request and trick your machine into resolving your request for paypal.com to point to me instead of the real paypal.

When I do that, the only way you can know that you’re talking to a phony is via a certificate. However, this attack tricks your machine into accepting a forged certificate.

It is quite nifty.


10 posted on 10/08/2009 2:16:23 PM PDT by Omedalus
[ Post Reply | Private Reply | To 7 | View Replies]

To: ShadowAce
One more reason Bill Gates, Steve Ballmer, et al., suck.

And blow.

Cheers!

11 posted on 10/08/2009 2:35:38 PM PDT by grey_whiskers (The opinions are solely those of the author and are subject to change without notice.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: grey_whiskers

One more reason OS X is more secure than the feeble, insecure, proprietary, closed-source crapware produced by Microsoft.

Safari for Mac, just like everything else pertaining to SSL certificate security in OS X, uses robust open-source OpenSSL software libraries that have been hammered on by the world's best programmers and cryptographers for years.

Everything Microsoft touches is sh!t.


12 posted on 10/08/2009 3:01:41 PM PDT by ccmay (Too much Law; not enough Order.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: ShadowAce

I think I have had 2 updates to my Camino browser for Mac in the last 10 days. I wonder if one was related to this...


13 posted on 10/08/2009 4:36:53 PM PDT by tubebender (Santa Claus is always jolly cause he knows where all the bad girls live...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Fairly certain I saw this type of attack about 7 to 8 weeks ago. Was logged into what appeared to be the normal paypal web site, on a compromised workstation, but right in the middle of the first screen after login, there was a paypal request to update the CC card info. The clue was the text wording was not grammatically proper English and they wanted the PIN number of a bank ATM card. Paypal never needs a pin number for your cc card backing up their account. Been using Firefox since then with no problems after complete format. FYI - I always type the paypal address manually when accessing the site.


14 posted on 10/08/2009 5:49:04 PM PDT by justa-hairyape
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker
If you use the Internet Explorer, Google Chrome or Apple Safari browsers to conduct PayPal transactions, now would be a good time to switch over to the decidedly more secure Firefox alternative.

That's because a hacker on Monday published a counterfeit secure sockets layer certificate that exploits a gaping hole in a Microsoft library used by all three of those browsers. Although the certificate is fraudulent, it appears to all three to be a completely legitimate credential vouching for the online payment service. The bug was disclosed more than nine weeks ago, but Microsoft has yet to fix it.

(Skip from lead paragraph to last paragraph)
. . . Fortunately, Mozilla developers patched the hole a few days after Marlinspike's demo and Apple followed suit a few weeks later with Safari for OS X. That means if you're on Windows, the only way to protect yourself against this critical vulnerability is to use versions 3.5 or 3.0.13 or later of Firefox. At least until Microsoft fixes the CryptoAPI, whenever that may be. ®
So from the POV of a Mac user, essentially the entire article up to the last paragraph is a bunch of Elmer.

15 posted on 10/09/2009 8:31:57 AM PDT by conservatism_IS_compassion (SPENDING without representation is tyranny. To represent us you have to READ THE BILLS.)
[ Post Reply | Private Reply | To 1 | View Replies]

